11 November 2010 - Blog - PortWatcher's Blog

Blog

Main

FCKeditor 2.x <= 2.4.3 Arbitrary File Upload Vulnerability

# Exploit Title: FCKeditor 2.0-2.4.3 arbitrary file upload

# Author: grabz

# Software Link: http://sourceforge.net/projects/fckeditor/

# Version: FCKeditor 2.x <= 2.4.3

# Tested on: 2.0, 2.2, 2.3.2, 2.4.0, 2.4.3

for version 2.0 - 2.2:

in file FCKeditor/editor/filemanager/upload/php/upload.php

Code

#$sType = isset( $_GET['Type'] ) ? $_GET['Type'] : 'File' ;

#

#// Get the allowed and denied extensions arrays.

#$arAllowed = $Config['AllowedExtensions'][$sType] ;

#$arDenied = $Config['DeniedExtensions'][$sTy ... Read more »

Category: 漏洞信息 | Views: 7702 | Added by: Jury | Date: 2010-11-11 | Comments (0)

分类

站内搜索

日历

友情链接

访问统计(起于2010/10/2)

Blog